Re: fail2ban for NetBSD-based routers & networks

You could see if http://www.webgroup.ch/ipfw_ban/ might be
configured/extended for your case. It monitors arbitrary log files
and does the selective blocking on IPs gleaned from them for a
configurable period.
Alas, it is ipfw-based and IPFW_BAN::housekeeping() would need to
be broken out to support an arbitrary user action, like in your
case notifying the router. This could be easily done by letting the
user pass a code reference for the actual block/unblock actions.
If you are so inclined, we can generalize the above and then I'll
put it into pkgsrc/wip - I had written it a while back because
fail2ban was just too unwieldy for my purposes (NIH).
Ast